oss-sec mailing list archives
Re: CVE Request -- mlmmj -- Directory traversal flaw by editing and saving list entries via php-admin web interface
From: Morten Shearman Kirkegaard <morten () afdelingp dk>
Date: Sat, 26 Jun 2010 10:42:25 +0200
CC'ing Christoph Thiel (mlmmj-php-admin author) and Ben Schmidt (current mlmmj maintainer). On Wed, 2010-06-23 at 19:41 +0200, Florian Streibelt wrote:
when I reported the bug I had no time to further investigate and I think I did not report upstream because of lack of time at that point and later forgot - which is sad.
Yeah, well, things like that happen. Would you agree that the attached patch fixes the vulnerability? Using a list of known-good-characters would be nice, but dot happens to be a valid character in a list name.
The php webinterface is a third-party development for mlmmj but part of the official release.
I know that this is just semantics, but... While it is true that the mlmmj-php-admin web interface is distributed along with mlmmj, it is not a part of mlmmj itself, but is located in the contribs directory. Best regards, Morten -- Morten Shearman Kirkegaard <morten () afdelingp dk>
Attachment:
patch-mlmmj-php-admin-dirtravfix.diff
Description:
Current thread:
- CVE Request -- mlmmj -- Directory traversal flaw by editing and saving list entries via php-admin web interface Jan Lieskovsky (Jun 23)
- Re: CVE Request -- mlmmj -- Directory traversal flaw by editing and saving list entries via php-admin web interface Florian Streibelt (Jun 23)
- Re: CVE Request -- mlmmj -- Directory traversal flaw by editing and saving list entries via php-admin web interface Morten Shearman Kirkegaard (Jun 26)
- Re: CVE Request -- mlmmj -- Directory traversal flaw by editing and saving list entries via php-admin web interface Josh Bressers (Jun 25)
- Re: CVE Request -- mlmmj -- Directory traversal flaw by editing and saving list entries via php-admin web interface Florian Streibelt (Jun 23)